root / doc / design-ssh-ports.rst @ 333bd799
1 | 3ff2cf55 | Petr Pudlak | ================================================ |
---|---|---|---|
2 | 3ff2cf55 | Petr Pudlak | Design for supporting custom SSH ports for nodes |
3 | 3ff2cf55 | Petr Pudlak | ================================================ |
4 | 3ff2cf55 | Petr Pudlak | |
5 | 3ff2cf55 | Petr Pudlak | .. contents:: :depth: 4 |
6 | 3ff2cf55 | Petr Pudlak | |
7 | 3ff2cf55 | Petr Pudlak | This design document describes the plan to support running SSH servers |
8 | 3ff2cf55 | Petr Pudlak | on nodes with non-standard port numbers. |
9 | 3ff2cf55 | Petr Pudlak | |
10 | 3ff2cf55 | Petr Pudlak | |
11 | 3ff2cf55 | Petr Pudlak | Current state and shortcomings |
12 | 3ff2cf55 | Petr Pudlak | ============================== |
13 | 3ff2cf55 | Petr Pudlak | |
14 | 3ff2cf55 | Petr Pudlak | All SSH daemons are expected to be running on the default port 22. It has been |
15 | 3ff2cf55 | Petr Pudlak | requested by Ganeti users (`Issue 235`_) to allow SSH daemons to run on |
16 | 3ff2cf55 | Petr Pudlak | non-standard ports as well. |
17 | 3ff2cf55 | Petr Pudlak | |
18 | 3ff2cf55 | Petr Pudlak | .. _`Issue 235`: https://code.google.com/p/ganeti/issues/detail?id=235 |
19 | 3ff2cf55 | Petr Pudlak | |
20 | 3ff2cf55 | Petr Pudlak | |
21 | 3ff2cf55 | Petr Pudlak | Proposed Changes |
22 | 3ff2cf55 | Petr Pudlak | ================ |
23 | 3ff2cf55 | Petr Pudlak | |
24 | 3ff2cf55 | Petr Pudlak | Allow users to configure groups with custom SSH ports. All nodes in such a |
25 | 3ff2cf55 | Petr Pudlak | group will then be using its configured SSH port. |
26 | 3ff2cf55 | Petr Pudlak | |
27 | 3ff2cf55 | Petr Pudlak | The configuration will be on the group level only as we expect all nodes in a group |
28 | 3ff2cf55 | Petr Pudlak | to have identical configurations. |
29 | 3ff2cf55 | Petr Pudlak | |
30 | 3ff2cf55 | Petr Pudlak | Users will be responsible for configuring the SSH daemons on machines before |
31 | 3ff2cf55 | Petr Pudlak | adding them as nodes to a group with a non-standard port number, or when |
32 | 3ff2cf55 | Petr Pudlak | modifying the port number of an existing group. Ganeti will not update SSH |
33 | 3ff2cf55 | Petr Pudlak | configuration by itself. |
34 | 3ff2cf55 | Petr Pudlak | |
35 | 3ff2cf55 | Petr Pudlak | |
36 | 3ff2cf55 | Petr Pudlak | Implementation Details |
37 | 3ff2cf55 | Petr Pudlak | ====================== |
38 | 3ff2cf55 | Petr Pudlak | |
39 | 3ff2cf55 | Petr Pudlak | We must ensure that all operations that use SSH will use custom ports as configured. This includes: |
40 | 3ff2cf55 | Petr Pudlak | |
41 | 3ff2cf55 | Petr Pudlak | - gnt-cluster verify |
42 | 3ff2cf55 | Petr Pudlak | - gnt-cluster renew-crypto |
43 | 3ff2cf55 | Petr Pudlak | - gnt-cluster upgrade |
44 | 3ff2cf55 | Petr Pudlak | - gnt-node add |
45 | 3ff2cf55 | Petr Pudlak | - gnt-instance console |
46 | 3ff2cf55 | Petr Pudlak | |
47 | 3ff2cf55 | Petr Pudlak | Configuration Changes |
48 | 3ff2cf55 | Petr Pudlak | ~~~~~~~~~~~~~~~~~~~~~ |
49 | 3ff2cf55 | Petr Pudlak | |
50 | 3ff2cf55 | Petr Pudlak | The node group *ndparams* will get an additional integer-valued parameter *ssh_port*. |
51 | 3ff2cf55 | Petr Pudlak | |
52 | 3ff2cf55 | Petr Pudlak | Upgrades/downgrades |
53 | 3ff2cf55 | Petr Pudlak | ~~~~~~~~~~~~~~~~~~~ |
54 | 3ff2cf55 | Petr Pudlak | |
55 | 3ff2cf55 | Petr Pudlak | To/from version 2.10 |
56 | 3ff2cf55 | Petr Pudlak | -------------------- |
57 | 3ff2cf55 | Petr Pudlak | |
58 | 3ff2cf55 | Petr Pudlak | During upgrade from 2.10, the default value 22 will be added. |
59 | 3ff2cf55 | Petr Pudlak | |
60 | 3ff2cf55 | Petr Pudlak | During downgrade to 2.10 the downgrading script will check that there are no |
61 | 3ff2cf55 | Petr Pudlak | configured ports other than 22 (because this would result in a broken cluster) |
62 | 3ff2cf55 | Petr Pudlak | and then will remove the corresponding key/value pairs from the configuration. |
63 | 3ff2cf55 | Petr Pudlak | |
64 | 3ff2cf55 | Petr Pudlak | Future versions |
65 | 3ff2cf55 | Petr Pudlak | --------------- |
66 | 3ff2cf55 | Petr Pudlak | |
67 | 3ff2cf55 | Petr Pudlak | For future versions, the up/downgrade operation will need to know the configured |
68 | 3ff2cf55 | Petr Pudlak | SSH ports. Because all daemons are stopped during the process, it will be |
69 | 3ff2cf55 | Petr Pudlak | necessary to include SSH ports in *ssconf*. |
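
The upgrade and downgrade handling described under "To/from version 2.10", as an added example that is not Ganeti's own upgrade script. The configuration layout (a ``nodegroups`` mapping whose entries carry ``name`` and ``ndparams``), the function names and the sample data are assumptions made for this illustration.

```python
import copy

DEFAULT_SSH_PORT = 22  # default port named in the design document
SSH_PORT = "ssh_port"  # ndparams key proposed in the design document


class DowngradeError(Exception):
    """Raised when the configuration cannot be represented in 2.10."""


def upgrade_from_2_10(config):
    """Return a copy of config with ssh_port filled in for every node group."""
    new = copy.deepcopy(config)
    for group in new.get("nodegroups", {}).values():
        group.setdefault("ndparams", {}).setdefault(SSH_PORT, DEFAULT_SSH_PORT)
    return new


def downgrade_to_2_10(config):
    """Return a copy of config without ssh_port, or refuse if any port != 22."""
    # Check every group before changing anything, so a refusal never
    # leaves a half-edited configuration behind.
    offending = sorted(
        group.get("name", uuid)
        for uuid, group in config.get("nodegroups", {}).items()
        if group.get("ndparams", {}).get(SSH_PORT, DEFAULT_SSH_PORT)
        != DEFAULT_SSH_PORT
    )
    if offending:
        raise DowngradeError(
            "node groups with a non-default SSH port: " + ", ".join(offending))
    new = copy.deepcopy(config)
    for group in new.get("nodegroups", {}).values():
        group.get("ndparams", {}).pop(SSH_PORT, None)
    return new


# Constructed sample configuration; the layout is an assumption (see above).
SAMPLE_2_10 = {
    "nodegroups": {
        "uuid-a": {"name": "default", "ndparams": {"oob_program": ""}},
        "uuid-b": {"name": "dmz", "ndparams": {}},
    }
}
```

Both functions return a modified copy, so a refused downgrade leaves the input configuration untouched.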